
Issue 791491

Issue metadata

Status: Fixed
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Security: CVE-2017-17095 - libtiff: Heap-based buffer overflow bug in pal2rgb(pal2rgb.c)

Project Member Reported by mnissler@chromium.org, Dec 4 2017

Issue description

Buffer overflow in pal2rgb, accessible via crafted input image. See http://bugzilla.maptools.org/show_bug.cgi?id=2750

adlr, chirantan: Are we using this code via cups?

Assuming we do for now and setting medium severity since we sandbox cups filters IIRC.
 
Project Member

Comment 1 by sheriffbot@chromium.org, Dec 4 2017

Labels: -Pri-2 Pri-1
If we don't use this tool anywhere we can remove it from the OS image by adding it to the install mask like we did for tiff2pdf: https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/681074
Cc: -adlr@chromium.org
Owner: adlr@chromium.org
Status: Assigned (was: Unconfirmed)
Assigning to Andrew for question in OP.
Cc: skau@chromium.org
Sean might also know.

Sean: are we using pal2rgb?

Comment 5 by adlr@chromium.org, Dec 5 2017

Owner: skau@chromium.org
I'm days (hours?) away from paternity leave. Assigning to skau@ to triage.

Comment 6 by skau@chromium.org, Dec 5 2017

I don't think we're using it.  I'll look at just removing it.

Comment 7 by skau@chromium.org, Dec 5 2017

Printing doesn't need pal2rgb.  We use the tiff libraries directly. 
Project Member

Comment 8 by bugdroid1@chromium.org, Dec 6 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/b7d00816e7da7957750a2d45426f447a5a9c826b

commit b7d00816e7da7957750a2d45426f447a5a9c826b
Author: Sean Kau <skau@chromium.org>
Date: Wed Dec 06 04:22:38 2017

chromeos/config: Mask out pal2rgb

The binary is unused.  Users of media-libs/tiff just use libtiff.

BUG= chromium:791491 
TEST=Verified we can still print images

Change-Id: I7ec40315c64ee52c50480c1924993d6729eeecab
Reviewed-on: https://chromium-review.googlesource.com/810064
Commit-Ready: Sean Kau <skau@chromium.org>
Tested-by: Sean Kau <skau@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[modify] https://crrev.com/b7d00816e7da7957750a2d45426f447a5a9c826b/chromeos/config/env/media-libs/tiff
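
The fix above keeps pal2rgb out of the OS image through the install mask. As an added example (not code from the Chromium OS tree), this shell function checks a staged root filesystem for paths that a mask list says should be absent. The install path `/usr/bin/pal2rgb`, the function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that paths listed in an install mask are really
# absent from a staged root filesystem. Names and paths are assumptions.

# audit_install_mask ROOT PATTERN...
# Prints "LEAK <path>" for every masked path still present under ROOT.
# Returns 0 when the image is clean, 1 when at least one masked path exists.
audit_install_mask() {
    root=$1
    shift
    leaks=0
    for pattern in "$@"; do
        # $pattern is left unquoted on purpose so glob entries such as
        # /usr/bin/tiff* expand against the staged tree, not the host.
        for hit in "$root"$pattern; do
            # An unmatched glob stays literal and fails both tests.
            if [ -e "$hit" ] || [ -L "$hit" ]; then
                printf 'LEAK %s\n' "${hit#"$root"}"
                leaks=$((leaks + 1))
            fi
        done
    done
    [ "$leaks" -eq 0 ]
}

# demo: build a constructed rootfs in a temp dir and audit it twice,
# before and after the masked binary is removed.
demo() {
    stage=$(mktemp -d) || return 2
    mkdir -p "$stage/usr/bin" "$stage/usr/lib"
    : > "$stage/usr/bin/pal2rgb"        # assumed install path of the tool
    : > "$stage/usr/lib/libtiff.so"     # the library itself must stay
    echo "before masking:"
    audit_install_mask "$stage" /usr/bin/pal2rgb /usr/bin/tiff2pdf
    rm "$stage/usr/bin/pal2rgb"
    echo "after masking:"
    audit_install_mask "$stage" /usr/bin/pal2rgb /usr/bin/tiff2pdf && echo "clean"
    rm -rf "$stage"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run against the build's staging directory with the mask entries as arguments; a non-zero exit means a masked binary still ships in the image.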

Status: Fixed (was: Assigned)
Thanks Sean!
Project Member

Comment 10 by sheriffbot@chromium.org, Dec 7 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Project Member

Comment 11 by sheriffbot@chromium.org, Mar 15 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 12 by sheriffbot@chromium.org, Mar 27 2018

Labels: -M-63 M-65
